| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 27 Jul 2006 23:18:35 +0200 (CEST) From: Bodo Eggert <7eggert@....de> To: Alan Cox <alan@...rguk.ukuu.org.uk> cc: 7eggert@....de, Marcel Holtmann <marcel@...tmann.org>, Linus Torvalds <torvalds@...l.org>, Linux Kernel Mailing List <linux-kernel@...r.kernel.org>, Andrew Morton <akpm@...l.org>, Eugene Teo <eteo@...hat.com> Subject: Re: Require mmap handler for a.out executables On Thu, 27 Jul 2006, Alan Cox wrote: > Ar Iau, 2006-07-27 am 19:49 +0200, ysgrifennodd Bodo Eggert: > > Can shell scripts or binfmt_misc be exploited, too? Even if not, I'd > > additionally force noexec, nosuid on proc and sysfs mounts. > > Why force them, this is just papering over imagined cracks and running > from shadows. If users want to be paranoid about these file systems or > their distro vendor is smart then the ability to set noexec/nosuid is > already supported and even more can be done with selinux. In fact as its > usually mounted in one place even AppArmor might be able to get it right > 8) s/force/default to/, since it's not OK to let the admin shoot his feet unless he _explicitely_ demands to. What if the next crack allows evading nosuid by using proc? Being paranoid doesn't mean they aren't after you ... -- bus error. passengers dumped. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists